HMD defends following alleged data breach

HMD Global stated no personally identifiable information had been shared with third parties, after it was found that some Nokia 7 Plus devices were sending information to servers located in China.

In a statement, the company said it had analysed the issue and found that device activation client software meant for the Chinese market version of the smartphone was included on a “single batch of Nokia 7 Plus phones”. Due to this, the affected devices were trying to send data to a third-party server, although HMD Global said that “such data was never processed, and no person could have been identified based on this data”.

The company also said that, following speculation about other Nokia-branded phones sending data to third-party servers, all device data other than from Chinese-market smartphones is stored on HMD Global servers in Singapore, powered by Amazon Web Services.

To comply with local legislation, data from devices sold in China is stored within the country.

The vendor said it uses data for two primary reasons: to activate the device warranty; and to collect diagnostic data from owners who participate in its user experience programme.

“HMD Global takes the security and privacy of its consumers seriously and complies with all applicable privacy laws,” it said.